The GDPR is supposed to make data protection easier and to provide extra protection for EU citizens. In some aspects the GDPR has fulfilled its purpose; in other areas the GDPR makes the protection of those same EU citizens as customers much more difficult.

With the GDPR it is a lot more difficult to fight cybercrime including online trade with counterfeit goods. This is due to the blackout of the domain owners’ information in the WHOIS database. It is not compliant with GDPR if personal information, e.g. e-mail addresses or names are publicly displayed.

Not being able to access the information of domain owners hampers efforts to stop cybercrime, for example identifying an individual behind the website selling infringing products. It allows criminals to hide behind their websites.

For purposes of brand protection, it is in most cases still possible to find relevant information on the infringing websites and then conduct investigations in order to get further information. However, that means a lot more manual work and not every brand owner might be able to afford that.